Comments on: How to Generate a Self-Signed SSL Certificate on Linux https://www.rosehosting.com/blog/how-to-generate-a-self-signed-ssl-certificate-on-linux/ Premium Linux Tutorials Since 2001 Fri, 03 Jun 2022 08:34:26 +0000 hourly 1 https://wordpress.org/?v=6.5.2 By: John Fairbairn https://www.rosehosting.com/blog/how-to-generate-a-self-signed-ssl-certificate-on-linux/#comment-48409 Mon, 31 Aug 2020 21:20:59 +0000 https://www.rosehosting.com/blog/?p=29007#comment-48409 For anyone running in to the following error, there has been a deliberate change of behavior from SSL 1.0.1 to SSL 1.1.x to the -passout pass:x password being at least 4 characters. Running the first command documented in the article will result in:

# openssl genrsa -des3 -passout pass:x -out keypair.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
…………..+++++
………………………………………..+++++
e is 65537 (0x010001)
140657812918720:error:28078065:UI routines:UI_set_result_ex:result too small:../crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters
140657812918720:error:28078065:UI routines:UI_set_result_ex:result too small:../crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters
140657812918720:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:../crypto/pem/pem_lib.c:357:

To remedy this on SSL 1.1.0 run:

openssl genrsa -des3 -passout pass:xxxx -out keypair.key 2048

or run command:

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out keypair.key

as a substitute.

documentation on the ‘not a bug’ here:

https://bugzilla.redhat.com/show_bug.cgi?id=1467669

Test system: Ubuntu 18.04.4 LTS
Library: openssl-1.1.1

]]>
By: joe https://www.rosehosting.com/blog/how-to-generate-a-self-signed-ssl-certificate-on-linux/#comment-48196 Tue, 05 May 2020 12:46:23 +0000 https://www.rosehosting.com/blog/?p=29007#comment-48196 Super Thanks…! this is really good article.

]]>
By: admin https://www.rosehosting.com/blog/how-to-generate-a-self-signed-ssl-certificate-on-linux/#comment-47535 Sun, 13 Jan 2019 07:49:43 +0000 https://www.rosehosting.com/blog/?p=29007#comment-47535 In reply to Jason.

If there is a RANDFILE line in your openssl.cnf configuration file (/etc/pki/tls/openssl.cnf) you should be able to safely delete or comment the line by placing # in front, for example:

# RANDFILE = $ENV::HOME/.rnd

After you do this, try to run the command again.

]]>
By: Jason https://www.rosehosting.com/blog/how-to-generate-a-self-signed-ssl-certificate-on-linux/#comment-47534 Sat, 12 Jan 2019 20:21:36 +0000 https://www.rosehosting.com/blog/?p=29007#comment-47534 I have been trying to create a self-signed certificate but I keep getting an error related to the random number generator. I entered this in the terminal:

openssl req -x509 -days 365 -sha256 -newkey rsa:4096 -keyout mycert.pem -out mycert.pem

I then get the prompt to enter my information. I get through that just fine but when I press enter, I get the following error:

Cannot write random bytes:

139680915939776:error:2407007A:random number generator:RAND_write_file:Not a regular file:crypto/rand/randfile.c:163:Filename=/home/user/.rnd

Can you provide any help?

]]>
By: Sam https://www.rosehosting.com/blog/how-to-generate-a-self-signed-ssl-certificate-on-linux/#comment-47401 Wed, 14 Nov 2018 12:12:03 +0000 https://www.rosehosting.com/blog/?p=29007#comment-47401 Thank you very much for sharing this informative write-up. This is really very useful.

]]>
By: Hanna https://www.rosehosting.com/blog/how-to-generate-a-self-signed-ssl-certificate-on-linux/#comment-47391 Thu, 08 Nov 2018 03:16:52 +0000 https://www.rosehosting.com/blog/?p=29007#comment-47391 It’s very helpful to apply SSL on the website..

Thanks…

]]>